Security-conscious Windows users attempting to protect themselves against Meltdown and Spectre attacks in the wild are being met with a deceptive “Your device is up to date” message — but they’re not yet protected.
In the days following the disclosure of CPU cache attacks Meltdown and Spectre, hardware, kernel, and software developers have rushed to provide security updates for their respective devices and platforms in an (ongoing) effort to secure their users against the wide-ranging (and not yet fully understood/internalized) side-channel vulnerabilities disclosed a few days ago on the 3rd of January, 2018.
For those that aren’t up to date on these attacks – stop now, and read this excellent LWN article on Meltdown and Spectre; if you’re so inclined, you can even have a look at the original Google Project Zero article where it all started. ((While the latter is more technical in nature, programming-inclined readers in the audience may find it to actually be easier to grok with its more definite and concrete approach, vs the somewhat abstract nature of pretty much all the other coverage out there.))
Ask your favorite typophile about the difference between Arial and Helvetica, and you’re sure to regret it… unless you have a latent appreciation for the differences between font faces, the attention given to kerning and hinting, and more. But ask them what’s the difference between Tahoma and Verdana, and you might just be surprised by the ensuing silence. Yet, these are two of the most popular online fonts, and have aged significantly well considering they share corporate roots with Comic Sans and Arial. ((Just to name two fonts that designers love to hate.)) If any fonts ever deserved scrutiny and attention, it’s these two.
Here are two lines of text, one in each of the two fonts in question:
The sandy text editor is an open source project from the team over at suckless.org, which make painfully minimal ((Perhaps best described as borderline masochist in their austerity and spartanism)) alternatives for popular tools and applications for unix-ish platforms.
But perhaps the tense being used here is wrong. For quite some time, sandy, suckless’ minimal vi(m) replacement, has been unavailable. The git repository is offline; the root cgit instance returning the following “No repositories found” message:
At NeoSmart Technologies, we’re huge fans of the new Windows Subsystem for Linux, ((Yes, we refuse to call it by its ungodly “Bash on Ubuntu on Windows” moniker)) and have spent a lot of time trying to make the transition between the native Win32 subsystem and the Linux/WSL subsystem as seamless as possible.
For those of you that haven’t already seen it, we recommend reading our previous article Meet $, your new best friend for WSL for an introduction to WSL and
$, our nifty helper utility that lets you directly run Linux commands in your Windows workflow. In brief, we developed
$ (also known – though less affectionately – as
RunInBash) to make it possible to run Linux utilities directly from within a Windows workflow, complete with arguments,
stderr redirection, and more.
We may not know for sure what it’s going to look like or what it will cost, but we do know that the new iPhone 8 – Apple’s 10 year iPhone anniversary edition – is on its way and it’ll be running iOS 11. And unlike the iPhone 8, iOS 11 has been available now for some time for beta testing and software development. There are a lot of changes – some good, some bad ((For example, because Apple couldn’t figure out how to get force touch working nicely on the new iPhone, they’ve chosen to deprecate force touch features across the OS, completely disabling the “force touch swipe from the edge of the screen to switch apps” after having completely rearchitectured the task switcher UX to specifically be built around this feature, rather than officially having a feature available on older gen iPhones but not on the latest and greatest.)) – but there are two new features that are especially important to be aware of given that they could – literally – save your life.
HTTPS is the future and the future is (finally) here. Secure HTTP requests that provide end-to-end encryption between the client making the request and the server providing it with the requested content is finally making some headway, with almost a third of the top one million sites on the internet serving content over SSL: ((Source: BuiltWith SSL trends))
But what this chart doesn’t show is an important subsection of HTTP traffic that is unfortunately infamous for a general lack of security: IoT. The “internet of things,” as it is called, is famous for fiascoes that have allowed hackers to break into the privacy of homes, spying on consumers via internet-enabled nanny cams, gaining access to so-called “smart locks” to break into houses, obtaining sensitive information, and exposing private content and data thanks to insecurely designed consumer products and services that live on the local network.
If you haven’t heard of
tac, it’s a pretty nifty command-line utility that ships with the GNU utils and it’s used to print a file backwards, line-by-line. It’s especially useful when analyzing things like log files, and judicious use of
tac can speed up commands considerably.
Take the example of a 30GiB webserver access log and you want to see the last request to a certain resource or that triggered a particular HTTP status code. You could run the following to get the last such request… which would take quite awhile on anything larger than a few hundred MiB:
> egrep "GET /path/to/resource " access.log | tail -n1
Or you could be smart about it and use
tac instead, and not even have time to blink before the result comes back:
> tac access.log | egrep "GET /path/to/resource " | head -n1
Have you ever wanted to quickly find out how long your system has been up and running for? Did you come back to a suspiciously empty desktop when you could have sworn you left some apps open and suspect your PC automatically installed some updates and rebooted while you were gone, but couldn’t be sure? Our latest application,
uptime, is the answer you’ve been looking for.
If you’re still stuck on .NET 2.0, 3.0, or 3.5 for any reason and don’t have access to the
.CopyTo method for
System.IO.Stream objects, the
Stream.CopyTo extension method, available as a small NuGet package will make manually allocating buffers and other boilerplate associated with copying a buffer from one stream to another a thing of the past.
Just a quick heads-up for all our readers: our recently released RunInBash utility – which makes mixing-and-matching PowerShell/Windows/CMD commands with WSL/Linux/Ubuntu commands under Windows 10 as easy as prefixing WSL commands with
$ to execute them from within a command prompt or PowerShell terminal – is now available under Chocolatey.